Case Study 3

Determining the Cause of Failure

To determine the cause of the traffic failure in this case, perform the following steps:

1. Enter the show asp drop command on the ASA 1000V.

user-ASA1000V-efw(config)# show asp drop

Frame drop:

No route to host (no-route) 494

Flow is denied by configured rule (acl-drop) 5

Slowpath security checks failed (sp-security-checks) 1

FP L2 rule drop (l2_acl) 550

Last clearing: 15:35:06 UTC Jun 20 2012 by enable_15

Flow drop:

Last clearing: 15:35:06 UTC Jun 20 2012 by enable_15

No vPath-related packets have been dropped.

2. Check whether or not the ACL configuration has been pushed from the Cisco VNMC to the ASA 1000V by entering the show running-config access-list and show running-config access-group commands on the ASA 1000V.

The output of these two commands indicates that the ACL policy was not configured correctly in the Cisco VNMC.

Resolving the Issue

To resolve the issue, reconfigure the ACL policy correctly in the Cisco VNMC.